NHI Discovery
On Premise GitLab
Follow these steps to connect your self-hosted GitLab CE 8.4 instance with Cremit.

1. Create GitLab Service Account for Cremit

• Log in to your GitLab 8.4 instance as an administrator.
• Navigate to the Admin Area (wrench icon in the top bar).
• Select Users from the left sidebar, then click the New user button.
• Enter account details for the Cremit service account. For example:
   Name: Cremit Scanner
    Username: cremit-scanner
    Email: cremit-scanner@yourdomain.com (use a valid email address)
• Set a strong password or configure password settings as needed.
• Click the Create user button.

2. Grant Permissions to the Service Account

• Add the newly created cremit-scanner user to the groups or projects you want Cremit to scan.
• Assign the Reporter role (or higher) to this user for each group/project. This role level typically provides read-only access to the code required for scanning.
• Click Add users to group/project.

(Optional) Bulk Permission Script for GitLab CE 8.4

If you need to grant the service account access to many projects, you can use the following Python script. This script adds a specified user as a 'Reporter' (access level 20) to all accessible internal and public projects.

Prerequisites:

• Python installed on your system.
• Install the request module:
---------------------------$ pip install request
---------------------------


Script Setup:

---------------------------
NEXT_PAGE_PATTERN = re.compile("<([^<>]+)>; rel=\"next\"")
def get_projects():
   projects = []
   response = get(f"{host}/api/v3/projects/all?order_by=id&sort=asc", headers=headers)
   projects.extend(response.json())

   if "Link" in response.headers:
       match_result = NEXT_PAGE_PATTERN.search(response.headers["Link"])
       if(match_result):
           next_page_url = match_result[1]
       else:
           next_page_url = None
   else:
       next_page_url = None

   while next_page_url:
       response = get(next_page_url, headers=headers)
       if "Link" in response.headers:
           match_result = NEXT_PAGE_PATTERN.search(response.headers["Link"])
           if(match_result):
               next_page_url = match_result[1]
           else:
               next_page_url = None
       else:
           next_page_url = None
       projects.extend(response.json())

   return projects

payload = {
   "user_id": user_id,
   "access_level": 20
}

for project in get_projects():
   project_id = project["id"]
   project_name = project["name"]
   share_proejct_endpoint = host + f"/api/v3/projects/{project_id}/members"

   response = post(share_proejct_endpoint, json=payload, headers=headers)
   if response.status_code == 201:
       print(f"user {user_name} is joined to {project_name}")

---------------------------

Script Execution

• Run the following command in the terminal:

---------------------------

$ python invite_group_to_all_visible_repositories.py {GitLab Host} {PRIVATE TOKEN}

<GitLab Host> : URL of the GitLab instance (e.g., https://gitlab.example.com)<PRIVATE TOKEN> : GitLab personal access token

---------------------------


3. Configure Cremit Integration

• Log in to GitLab CE 8.4 as the cremit-scanner user you created.
• Navigate to Profile Settings (usually top right icon).
• Select Account from the left menu.
• Find the Private token section. If a token exists, copy it. If not, click Reset Private token to generate one and copy it immediately.
• Log in to your Cremit Dashboard.
• Navigate to the Integration tab from the left menu.
• Click + New and select GitLab.
• Fill in the required fields:
   Host: Enter the base URL of your GitLab CE 8.4 instance (e.g., https://gitlab.yourcompany.com).
    Access Token: Paste the Private Token of the cremit-scanner user copied earlier.
    Label: Enter a name to identify this integration (e.g., GitLab CE 8.4 Instance).
•Click Submit to complete the integration.

Need help with this integration? Please Contact Us, and we'll be happy to assist.

experience full nhi security: 14-Day Free trial

essential

Essential

Startups & Small Teams – Manage risk early by securing non-human identities from day one.

Best for scaling businesses
+800 Types NHI Verification
Git & SaaS Integration
No False Positive Alerts
Get started
Get started

enterprise

Enterprise

Custom Solutions – Secure non-human identities at scale, across complex environments.

Custom solutions for large organizations
SIEM Integration
Dedicated Region & On-Premise
24/7 Support
Get started
Get started

FAQ

We're Here to Help

Aenean lobortis, massa a imperdiet iaculis, lorem odio lacinia elit, non hendrerit ligula justo tempor lorem.

How frequently does Cremit update its detection engine?

We continuously update our detection engine to include new non-human identity types and improve accuracy. Updates are automatically applied for cloud users. Subscribe to our newsletter to stay up to date with updates or check our changelog.

What support options are available?

We provide detailed documentation for the integration processes, and dedicated customer support to assist with integrations, troubleshooting, and remediation strategies on paid versions. For more information or to get started, visit our website or contact our support team.

How does Cremit compare to other non-human identities detection tools?

Cremit differentiates itself with a highly accurate detection engine, broad coverage, seamless integration into developer workflows, and the most cost effective tool available.

What is the difference between Cremit’s free and paid versions?

The free version offers core non-human identities detection, while the paid versions include advanced features such as real-time alerts, more integrations, and others. For more information please visit our pricing page.

How can I test Cremit’s detection capabilities?

You can test Cremit using sample repositories with intentionally embedded credentials.

Does Cremit offer on-premise deployments?

Cremit is primarily a cloud-based solution, but Enterprise plan customers can request on-premise deployments to meet specific security requirements.

Is there an API available for automation?

Yes, Cremit offers a robust API for integrating NHI leak detection into your automation pipelines, ensuring security across your development process.

Does Cremit scan public repositories?

Yes, Cremit proactively scans public repositories. If a leak of confidential information is detected, we notify the repository owner and provide guidance on remediation. For more information please visit our Vigilant Ally page.

Can I integrate Cremit with my existing development workflow?

Absolutely. Cremit integrates with CI/CD workflows. Our API and CLI options allow seamless incorporation into development workflows.

How secure is the scanning process?

Cremit prioritizes security and confidentiality. We scan repositories in a secure environment without permanently storing your code. Our protocols ensure privacy throughout the process.

What happens when a NHI is detected?

When a leak is flagged, Cremit provides a detailed alert that includes the file location, type of secret, and risk assessment. This helps teams quickly remediate issues and secure their environment.

How does Cremit detect non-human identities?

Our scanning engine employs advanced pattern matching to identify a wide range of sensitive data, including API keys, private keys, and database credentials.

What types of credentials does Cremit detect?

Cremit is designed to identify over 800+ types of non-human identities and other credential types.

How does Cremit handle false positives?

Our detection engine continuously improves with machine learning to ensure no false positives.

What is Cremit’s Non-Human Identity (NHI) detection solution?

Cremit provides an automated, SaaS-based detection solution that scans your code repositories for non-human identities (NHI) such as API keys, tokens, passwords, certificates, and others to help prevent data breaches and security incidents.

Why is secret detection important for my code security?

Vulnerable NHIs can expose your systems to unauthorized access, data leaks, and compliance violations. By using Cremit, you can continuously monitor and detect leaks early in the development cycle, reducing the risk of security breaches and ensuring your codebase remains secure.

The Future of Analytics
Browse All Resources
Browse All Resources
Trusted by hundered of companies globally